AW: AW: Problem with Apache in Jail

Ian Smith smithi at nimnet.asn.au
Fri Nov 20 08:12:36 UTC 2009


On Fri, 20 Nov 2009, Scheithauer, Lars (FH) wrote:

 > Hi Bastien,
 > 
 > I've set up the jail after this guide[1] of the FreeBSD handbook.

I'm only replying to this suspecting it may not be a jail issue, but 
perhaps more likely a DNS issue, as Miroslav was earlier pointing to?

 > A firewall is not active (yet), since I first wanted the jail to work.
 > 
 > If I telnet to the server from the inside (DNS and IP), I can get a 
 > valid response. If I telnet to the server's IP from the outside, too. 
 > However, as soon as I try to get the files of a specific hostname, I 
 > get a timeout (more specifically, I can connect to the server, but it 
 > won't give any single packet back, according to wireshark).

So are you sure that (from outside your environment) the vhost hostname 
resolves to its IP address ok?  Does it have a unique public IP address?
If so, does reverse resolution of that address point to that hostname?

From (right) outside your net, does that IP address respond to pings?
By IP address as well as by hostname?

Does your apache config specify name-based and/or IP-based virtual 
hosts?  There can lurk some dragons ..

 > I don't get the problem and honestly don't know where to look 
 > anymore. If it would be an apache config problem, it should not work 
 > from the inside, too. If it's a jail problem, I don't know what else 
 > to activate (even tried to allow raw sockets). The problem is also 
 > persistent with the apache20-installation.

If this is a jail issue I've no idea at all, but if the DNS results 
obtained from inside and outside your network perimeter differ, that may 
explain some of what you're seeing.  I guess an outside DNS query 
followed by an attempted HTTP connect tracked on tcpdump, perhaps in 
verbose packet-display mode (eg -nXs0) should provide more solid clues?

 > For the logfiles: I do get an entry, if I get something back from the 
 > server. If I don't get anything back from the server, I don't get an 
 > entry.

Make sure that you're logging both the vhost concerned and the 'default' 
config used if no vhost entry is satisfied, perhaps you'll see something 
there?  I specify error.log to catch any of these during vhost setup.

You may need to share more of your apache configuration in the hope that 
someone may spot something, once you confirm there are no DNS issues.

Just some ideas ..

cheers, Ian
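
The DNS checks asked about above (do the inside and outside views agree, and does the address reverse-resolve to the vhost name), as an added example that is not part of the original message. It assumes dig(1) is installed; the function names and the two resolver addresses passed as arguments are hypothetical and supplied by the caller.

```sh
#!/bin/sh
# Added example: compare the inside and outside DNS views of a vhost name.
# Usage: sh check_vhost_dns.sh NAME INSIDE_RESOLVER OUTSIDE_RESOLVER

# A records for name $1 as seen by resolver $2 (CNAME lines dropped, sorted).
a_records() {
    dig +short A "$1" "@$2" | grep -E '^[0-9]+(\.[0-9]+){3}$' | sort -u
}

# PTR names for address $1 as seen by resolver $2 (no trailing dot, lowercase).
ptr_names() {
    dig +short -x "$1" "@$2" | sed 's/\.$//' | tr 'A-Z' 'a-z'
}

# Returns 0 only when both views give the same addresses and every
# outside address reverse-resolves to NAME; prints one line per finding.
check_vhost_dns() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); rc=0
    inside=$(a_records "$name" "$2")
    outside=$(a_records "$name" "$3")
    if [ -z "$outside" ]; then
        echo "FAIL: $name has no A record via $3"; return 1
    fi
    if [ "$inside" != "$outside" ]; then
        echo "DIFF: inside=[$(echo $inside)] outside=[$(echo $outside)]"; rc=1
    fi
    for addr in $outside; do
        if ptr_names "$addr" "$3" | grep -Fqx "$name"; then
            echo "OK: $addr reverse-resolves to $name"
        else
            echo "WARN: $addr does not reverse-resolve to $name"; rc=1
        fi
    done
    return $rc
}

if [ "$#" -eq 3 ]; then check_vhost_dns "$@"; fi
```

A DIFF line is expected where split-horizon DNS is deliberate; it then tells you which address to watch in the tcpdump capture from outside.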

